n2disk™

10/40 Gbit network traffic recorder with indexing capabilities

n2disk™ is a network traffic recorder application. With n2disk™ you can capture full-sized network packets at multi-Gigabit rate (above 10 Gigabit/s on adequate hardware) from a live network interface, and write them into files without any packet loss. n2disk™ has been designed to write files to disk for very long periods: you specify a maximum number of distinct files that may be written during the execution, and when n2disk™ reaches that maximum it starts recycling the files, beginning with the oldest one. This way you have a complete view of the traffic for a fixed temporal window, and you know in advance the amount of disk space needed.
n2disk™ uses the industry-standard PCAP file format to dump packets into files, so the resulting output can be easily integrated with existing third-party or even open-source analysis tools (e.g. Wireshark).
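The recycling scheme and PCAP output described above, as an added Python sketch that is not n2disk™ code: it writes classic little-endian PCAP files into a fixed ring and overwrites the oldest slot when the ring is full. The class name, the `dump-N.pcap` naming, the per-file byte limit and the sample frames are all assumptions made for the illustration.

```python
import os, struct, tempfile

# Classic PCAP global header: magic, v2.4, zone, sigfigs, snaplen, LINKTYPE_ETHERNET
PCAP_GLOBAL = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)

class PcapRing:
    """At most max_files PCAP files of at most max_bytes each (hypothetical helper)."""
    def __init__(self, directory, max_files, max_bytes):
        self.dir, self.max_files, self.max_bytes = directory, max_files, max_bytes
        self.seq, self.fh = 0, None   # seq counts files opened so far
        self._rotate()

    def _rotate(self):
        if self.fh:
            self.fh.close()
        # The slot index wraps, so "wb" truncates (recycles) the oldest file.
        slot = self.seq % self.max_files
        self.fh = open(os.path.join(self.dir, f"dump-{slot}.pcap"), "wb")
        self.fh.write(PCAP_GLOBAL)
        self.seq += 1

    def write(self, ts, frame):
        usec = int((ts % 1) * 1_000_000)
        record = struct.pack("<IIII", int(ts), usec, len(frame), len(frame)) + frame
        if self.fh.tell() + len(record) > self.max_bytes:
            self._rotate()
        self.fh.write(record)

    def close(self):
        self.fh.close()

def read_pcap(path):
    """Return [(ts_sec, frame)] from a little-endian classic PCAP file."""
    out = []
    with open(path, "rb") as f:
        if struct.unpack("<I", f.read(24)[:4])[0] != 0xA1B2C3D4:
            raise ValueError("not a little-endian PCAP file")
        while hdr := f.read(16):
            sec, _usec, caplen, _origlen = struct.unpack("<IIII", hdr)
            out.append((sec, f.read(caplen)))
    return out

def demo():
    d = tempfile.mkdtemp()
    ring = PcapRing(d, max_files=3, max_bytes=24 + 4 * (16 + 60))  # 4 frames per file
    for i in range(20):                       # constructed 60-byte frames
        ring.write(1000 + i, bytes([i]) * 60)
    ring.close()
    files = sorted(os.listdir(d))
    kept = sorted(s for f in files for s, _ in read_pcap(os.path.join(d, f)))
    size = sum(os.path.getsize(os.path.join(d, f)) for f in files)
    return files, kept, size  # only the newest 12 frames survive, in 3 * 328 bytes

if __name__ == "__main__":
    print(demo())
```

Disk usage never exceeds `max_files * max_bytes`, which is what lets the retention window be sized in advance; the resulting files open directly in Wireshark or tcpdump.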
n2disk™ has been designed and developed mainly because most network security systems rely on capturing full-size packets, since any packet may have been responsible for the attack or could contain the problem that we are trying to find. NetFlow information is more manageable and requires less disk space to store, but in some cases, such as deep-packet-inspection analysis or controlled traffic regeneration, it is not useful.
n2disk™ can be effectively used to perform numerous activities, among these:

BPF filter support (using the same format as in the popular tcpdump tool) to filter unwanted network packets out of the recording process.

Optimized BPF-like filter support, a faster replacement for BPF filters (a subset of the BPF syntax is supported) that can be used both in packet capture and in post-capture filtering.

Multi-core support. n2disk™ has been designed with multicore architectures in mind. It uses at least 2 threads (one for the packet capture and one for the disk writing) and it is possible to further parallelize packet capture using multiple threads. The communication between threads has been carefully optimized.

Direct-IO disk access. n2disk™ uses Direct IO access to the disks in order to obtain maximum disk-write throughput.

Real-Time indexing. n2disk™ is able to produce an index on-the-fly during packet capture. The index can be queried using a BPF-like syntax to quickly retrieve interesting packets in a specified time interval. Besides the per-dump-file index, n2disk™ can also produce a timeline, a way of keeping the whole captured traffic in chronological order. Using the utilities provided with n2disk™, it is possible to query the timeline for specific packets belonging to the whole dump set in a given time interval.
